Hello to all. I'm making a Jabber client whose main "important" thing is that it implements the JEP-0027 (Current usage of OpenPGP in Jabber), i already know properly the protocol, and i have read the JEP-0027 (http://www.jabber.org/jeps/jep-0027.html) .
The question is that the document does not specify very clear (IMHO) how to perform the key exchange it says : "All keys are exchanged using OpenPGP key servers, and usually are retrieved when a signed <presence/> stanza is received (key retrieval does not happen in-band)." The thing is : how do i know in which server is the key of the person i am chatting with?? Also it would be great also if someone can give me an opinion about using GnuPG for doing this: I am doing all the development in JAVA and i will prefer to avoid using an "external program" (as GnuPG). Apart from that, I have been doing some testing with encryption over jabber by using the own Jabber server to exchange the keys (just to check that i did the encryption part properly, and it worked, using RSA keys...) Any idea/suggestion/hint?? THANKS in advance.
